On June 28th, the CNIL organised the first edition of the Privacy Research Day in Paris and DPI was there! So, if you missed this event, here is a summary of a remarkably successful day!

Through this event, which the CNIL wishes to repeat annually, the CNIL has expressed the desire to build bridges between researchers and regulators. To achieve this objective, the day was dedicated to the presentation of research by international experts in different fields of data protection.

In the aftermath of this event, we can say that the challenge was successful! The day was full of learning and enrichment and allows us to return to Belgium with some axes of reflexion to work on internally but also some points to develop with you during one of our Stay Tuned or during a future Privacy Café.

However, to give you an idea of the quality of the research presented, here are three research projects that caught our attention the most!

The first presentation of this day, rich in discoveries, showed us how promising this day was. Indeed, the economic analysis of the notion of “appropriate measures” within the meaning of Article 32 of the RGPD carried out by Annika SELZER’s team from the Fraunhofer-Institute in Germany, gave us very concrete figures on the notion of appropriate measures and the financial risks that companies may encounter and also taught us a lot. You can find a direct link to this study here: https://edpl.lexxion.eu/data/article/17705/pdf/edpl_2021_03-016.pdf

The second part of the day on smartphones and their applications was just as promising. The presentation that caught our attention was that of Naif Mehanna from the University of Lille and INRIA in France. His research on “The price to pay for playing: a privacy analysis of free and paid games in the Android ecosystem”. Starting from the premise that little is known about the data collection that fuels the advertising and tracking industry behind mobile games, Naif Mehanna wanted to shed light on the tracking ecosystem in mobile games on Android and understand how different monetisation models can impact on user privacy. So, are you as interested as we were in finding out the results of Naif MEHANNA’s research? Follow this link to learn more: https://hal.archives-ouvertes.fr/hal-03559973/document

Finally, here is our third favourite presentation, by Sallam ABUALHAIJA from the University of Luxembourg. His research is on “Automating the completeness check of privacy policies using AI”. Aware of the importance of a privacy policy, Sallam ABUALHAIJA and her team propose an AI-based automation to verify the completeness of privacy policies. Using systematic qualitative methods, the team first set up two artefacts to characterise the privacy provisions of the GDPR, namely a conceptual model and a set of completeness criteria. Then, the team developed an automated solution based on these artefacts by exploiting a combination of natural language processing and supervised machine learning. Specifically, they identified the content of GDPR-relevant information in privacy policies and then checked it against the completeness criteria. To evaluate their approach, the team collected 234 actual privacy policies in the fund industry. Out of a set of 48 unseen privacy policies, their approach correctly detected 300 violations of certain completeness criteria out of a total of 334, while producing 23 false positives. This gives their approach a precision of 92.9% and a recall of 89.8%. Interested? Feel free to learn more about their research via this link: https://arxiv.org/pdf/2106.05688v1.pdf

Once again, thank you to the CNIL and the researchers for this day, we very much hope that such an experience will be repeated in the years to come and why not by another data protection authority!

Stay informed via our newsletter

Stay connected with our latest news, offers and available training.